Re: [v6ops] Robert Wilton's No Objection on draft-ietf-v6ops-transition-comparison-03: (with COMMENT)
Gábor LENCSE <lencse@hit.bme.hu> Tue, 03 May 2022 16:48 UTC
Return-Path: <lencse@hit.bme.hu>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 729B8C159A20; Tue, 3 May 2022 09:48:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.754
X-Spam-Level:
X-Spam-Status: No, score=-3.754 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, NICE_REPLY_A=-1.857, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4Vk3FDw5YneC; Tue, 3 May 2022 09:48:00 -0700 (PDT)
Received: from frogstar.hit.bme.hu (frogstar.hit.bme.hu [IPv6:2001:738:2001:4020::2c]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 19832C1594B5; Tue, 3 May 2022 09:47:58 -0700 (PDT)
Received: from [192.168.1.145] (host-79-121-42-20.kabelnet.hu [79.121.42.20]) (authenticated bits=0) by frogstar.hit.bme.hu (8.15.2/8.15.2) with ESMTPSA id 243GlZrA002037 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Tue, 3 May 2022 18:47:41 +0200 (CEST) (envelope-from lencse@hit.bme.hu)
X-Authentication-Warning: frogstar.hit.bme.hu: Host host-79-121-42-20.kabelnet.hu [79.121.42.20] claimed to be [192.168.1.145]
Content-Type: multipart/alternative; boundary="------------QUbf8BOPlXCPKyuFVpcu0I7j"
Message-ID: <50e49e60-08f9-6e62-50eb-2ae2044e377a@hit.bme.hu>
Date: Tue, 03 May 2022 18:47:31 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.8.1
Content-Language: en-US
To: Robert Wilton <rwilton@cisco.com>, The IESG <iesg@ietf.org>
Cc: draft-ietf-v6ops-transition-comparison@ietf.org, v6ops-chairs@ietf.org, v6ops@ietf.org, rbonica@juniper.net
References: <165053738993.9602.8757008086793686084@ietfa.amsl.com>
From: Gábor LENCSE <lencse@hit.bme.hu>
In-Reply-To: <165053738993.9602.8757008086793686084@ietfa.amsl.com>
X-Virus-Scanned: clamav-milter 0.103.2 at frogstar.hit.bme.hu
X-Virus-Status: Clean
Received-SPF: pass (frogstar.hit.bme.hu: authenticated connection) receiver=frogstar.hit.bme.hu; client-ip=79.121.42.20; helo=[192.168.1.145]; envelope-from=lencse@hit.bme.hu; x-software=spfmilter 2.001 http://www.acme.com/software/spfmilter/ with libspf2-1.2.10;
X-DCC--Metrics: frogstar.hit.bme.hu; whitelist
X-Scanned-By: MIMEDefang 2.79 on 152.66.248.44
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/eQznXePbn3nrjIRNwKlWvhPI6Vg>
Subject: Re: [v6ops] Robert Wilton's No Objection on draft-ietf-v6ops-transition-comparison-03: (with COMMENT)
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 May 2022 16:48:04 -0000
Dear Robert,
Thank you for your review and I am sorry for my late response. (Now, I
perform the changes in the XML file and submit the new version after
being ready with processing the comments of the other reviewers, too.)
Please see my answers inline.
4/21/2022 12:36 PM keltezéssel, Robert Wilton via Datatracker írta:
> Robert Wilton has entered the following ballot position for
> draft-ietf-v6ops-transition-comparison-03: No Objection
[...]
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Thanks Dan for the OPSDIR review.
>
> I support Roman's discuss comment regarding comparing security based on the
> binary object size - I think that there are many more significant factors that
> come into play (source language, LOC in source, how widely is the technology
> used/deployed, experience of the developers, is the code being actively
> maintained, what level of regression/fuzz testing exists) ...
Regarding the code size, I wanted to say that there is a greater chance
that a programmer made a mistake in a more complex program than in a
less complex one. But I admit that it is rather a speculation than a
well defensible statement. So, we decided to remove that paragraph.
> Thank you for this document, I think that it is useful. Some minor
> comments/suggestions:
>
> 2.1. 464XLAT
> The customer-side translator (CLAT) is located in the customer's
> device, and it performs stateless NAT64 translation [RFC7915] (more
> precisely,
>
> Is NAT64 definitely right here, and not NAT46?
In the first case, we meant to use the word "stateless NAT64" as the
general expression for the stateless translation between IPv4 and IPv6
independently from its direction, and then wanted to make it more
precise by using "stateless NAT46" to express the direction. But it
could be done in a more straightforward way. :-)
OLD:
The customer-side translator (CLAT) is located in the customer's
device, and it performs stateless NAT64 translation [RFC7915 <https://datatracker.ietf.org/doc/html/rfc7915>] (more
precisely, stateless NAT46, a stateless IP/ICMP translation from IPv4
to IPv6).
NEW:
The customer-side translator (CLAT) is located in the customer's
device, and it performs stateless NAT46 translation [RFC7915] (more
precisely, a stateless IP/ICMP translation from IPv4 to IPv6).
> 3.4. IPv4 Pool Size Considerations
>
> Often it is assumed that each user-device (computer, tablet,
> smartphone) behind a NAT, could simultaneously use about 300 ports.
> Typically, in the case of a residential subscriber, there will be a
> maximum of 4 of those devices in use simultaneously, which means a
> total of 1,200 ports.
>
> Is a maximum of 4 devices in simultaneous use on a residential internet
> connection realistic? This feels low to me, and potentially this is likely to
> be increasing over time.
Yes, it has been criticized by several other Reviewers, too. I agree
that more than 4 devices may be used simultaneously.
I have changed the text to:
According to [MIY2010], each user-device (computer, tablet,
smartphone) behind a NAT, could simultaneously use up to 300 ports.
(Table 1 of [MIY2010] lists the port number usage of various
applications. According to [REP2014] the downloading of some web
pages may consume up to 200 port numbers.) If the extended NAPT
algorithm is used, which includes the full five tuple into the
connection tracking table, then the port numbers are reused, when the
destinations are different. Therefore, we need to consider the
number of "port hungry" applications that are accessing the same
destination simultaneously. We estimate that in the case of a
residential subscriber, there will be typically no more than 4 of
port hungry applications communicating with the same destination
simultaneously, which means a total of 1,200 ports.
> If the CGN (in case of DS-Lite) or the CE (in case of lw4o6, MAP-E
> and MAP-T) make use of a 5-tuple for tracking the NAT connections,
> the number of ports required per subscriber can be limited as low as
> 4 ports per subscriber. However, the practical limit depends on the
> desired limit for parallel connections that any single host behind
> the NAT can have to the same address and port in Internet. Note that
> it is becoming more common that applications use AJAX and similar
> mechanisms, so taking that extreme limit is probably not a very a
> safe choice.
>
> Previously we were talking about 300 - 1200 ports/subscriber. It wasn't really
> clear to me how this goes down to just 4 ports per subscriber.
>
> If QUIC/HTTP3 deployment continues to pick up then I would expect that may
> reduce the number of ports required since it handled better multiplexing of
> streams.
>
> Finally, I think that having some sort of high level summary (maybe in tabular
> form) may be beneficial, e.g., comparing relative MTU overheads of the
> approaches, stateful vs stateless, IPv4 address scalability/usage.
Yes, I think adding a summarizing table could be a good idea. However,
this draft is now over a lot of reviews, and adding some new material
could result in further comments, which I would like to avoid so that
our draft could be published as soon as possible.
Therefore, if it is not absolutely necessary, I would like to omit the
table.
Once again, thank you for your review and suggestions!
Best regards,
Gábor Lencse
> Thanks,
> Rob
>
>
>
- [v6ops] Robert Wilton's No Objection on draft-iet… Robert Wilton via Datatracker
- Re: [v6ops] Robert Wilton's No Objection on draft… JORDI PALET MARTINEZ
- Re: [v6ops] Robert Wilton's No Objection on draft… Gábor LENCSE
- Re: [v6ops] Robert Wilton's No Objection on draft… Rob Wilton (rwilton)
- Re: [v6ops] Robert Wilton's No Objection on draft… otroan
- Re: [v6ops] Robert Wilton's No Objection on draft… Vasilenko Eduard
- Re: [v6ops] Robert Wilton's No Objection on draft… otroan
- Re: [v6ops] Robert Wilton's No Objection on draft… Vasilenko Eduard